He released 14,200 patient names, HIV test results, phone numbers, addresses, ID numbers, and other medical information - including the names and contact information of 2,400 of their sex partners, the Singaporean Ministry of Health said in a statement.
Authorities were contacting people who might have been affected by the leak and more 900 had been approached so far, local media reported.
"We are sorry for the anxiety and distress caused by this incident", the ministry said.
The Ministry of Health (MOH) said it lodged a police report against Brochez in May 2016, when it received information that he had confidential information that appeared to be from the HIV registry.
However, the information is still in the hands of Farrera-Brochez, who was deported after he had served his jail term. Singapore remains among a small number of developed countries that maintain some restrictions on long-term visit passes and work visas.
According to the Straits Times, a Singaporean newspaper, Brochez submitted a blood sample from Ler as his own, after testing positive for HIV in 2008.
Ler had drawn blood from his left arm earlier that day and labelled the test tube with Farrera-Brochez's particulars. The HIV information leak was not related to the cyberbreach. Health Minister Gan Kim Yong apologised for the leak. "Our priority is the wellbeing of the affected individuals".
The disclosure by Singapore's health ministry late Monday, coming after last year's news of a major cyber attack on its national health database, could further dent the highly wired state's push to place itself as a data and health care hub. Those with information or concerns can call the MOH hotline on 6325-9220.
The ministry asked for help from "their foreign counterparts" to track Brochez down, noting he is "currently under police investigation for various offenses". However, officials have warned that the culprit is still in possession of the information and could disclose it publicly in the future. "Police will not hesitate to take stern action, including prosecution, against those who have breached the OSA", said a spokesman.More news: Six-try Fiji too strong for the US at Hamilton sevens
More news: Rose wins at Torrey Pines, DeChambeau rolls in Dubai | AP sports
More news: United States unseals indictments against China's Huawei and CFO Wanzhou
An American living in Singapore intentionally leaked the personal data of over 14,000 people living with HIV.
March 2012 - May 2013: Ler was head of the Health Ministry's National Public Health Unit and had access to the HIV Registry.
Ler was charged in court in June 2016 for offences under the Penal Code and the Official Secrets Act (OSA).
Using the same ruse, the pair duped the authorities again in 2013, when Farrera-Brochez tried to apply for a Personalised Em-ployment Pass. But he does not have a practising certificate or access to MOH and public healthcare IT systems with patient records.
The health ministry was notified by police last week that confidential information from the HIV registry may have been disclosed. MOH filed yet another police report.
"The information has been illegally disclosed online", it said.
Jan 24-25, 2019: MOH worked with relevant parties to disable access to the information.
Sentenced to two years in jail, Ler is appealing against the sentence, with the hearing scheduled for March.